Tools
Tools
Highly inspired by The Bug Hunter’s Methodology Jason Haddix @jhaddix.
Seeds/Roots
crt.sh crt.sh | Certificate Search
ASN Enumeratiom
bgp.he.net
Asnlookup
Metabigor
Reverse WHOIS
whoxy.com
DOMLink
Ad/Analytics Relationships
builtwith.com (also available as Firefox addon)
getrelationship.py
Google-Fu
Copyright text
Terms of service text
Privacy policy test
Subs
Linked and JS Discovery
Burp Suite Pro (or ZAP Proxy?)
GoSpider
hakrawler
Subdomainizer
subscraper
Subdomain Scraping
site:twitch-tv -www.twicht.tvsite:twitch-tv -www.twicht.tv -watch.twitch.tvAmass
amass enum ...Subfinder v2
github-subdomains.py
github-search (unstable -> run multiple times)
shosubgo
Cloud Ranges (scan all AWS, Azure, etc. check SSL certs for "target")
Subdomain Bruting
Massdns
Amass
amass enum -brute -d twitch.tv -srcaisdnsbrute
shuffleDNS
altdns
HostileSubBrutforcer GitHub - nahamsec/HostileSubBruteforcer
Wordlists
all.txt
AssetNote -> commonspeak2
Favicon Analysis
favfreak
Port Analysis
Nmap
masscan (faster than Nmap)
dnmasscan
Brutespray
GitHub Dorking
github-search
Screenshotting
Aquatone
Eyewitness
httpscreenshot
WitnessMe
Subdomain takeover
can-i-take-over-xyz
Nuclei
SubOver
Automation++
interlace
Tools by TomNomNom (eg httpprobe, mage)
Frameworks
S-Tier
Bunty.offensiveai.com (paid)
Scout (paid)
A-Tier
B-Tier
C-Tier
MISC (to be cleaned up)
WebScarab
Recon-ng
GitRob
OnlineHashCrack.com
idb
Wireshark
Bucket Finder
Race the Web
Google Dorks
JD GUI
Mobile Security Framework
Ysoserial
Last updated